@metamask/messenger 1.2.0

Added

• Allow overriding action handler in subclass (#8617)
  • The Messenger class now has a protected getAction method which returns the action handler for a given action name.
• Add subscribeOnce and waitUntil utility methods to Messenger (#8575)

Deprecated

• Deprecate generate-action-types CLI tool and messenger-generate-action-types binary (#8378)
  • The CLI has been extracted to @metamask/messenger-cli. Use messenger-action-types from this package instead.

Fixed

• Throw different error for missing delegated actions (#8557)

@metamask/assets-controller 6.2.1

Changed

• Bump @metamask/transaction-controller from ^64.4.0 to ^65.0.0 (#8613)
• Bump @metamask/assets-controllers from ^104.3.0 to ^105.0.0 (#8622)

@metamask/assets-controllers 105.0.0

Added

• Expose missing public CurrencyRateController methods through its messenger (#8561)
  • The following actions are now available:
    • CurrencyRateController:setCurrentCurrency
    • CurrencyRateController:updateExchangeRate
  • Corresponding action types (e.g. CurrencyRateControllerSetCurrentCurrencyAction) are available as well.

Changed

• BREAKING: Standardize names of CurrencyRateController messenger action types (#8561)
  • The GetCurrencyRateState messenger action has been renamed to CurrencyRateControllerGetStateAction to follow the convention. You will need to update imports appropriately.
  • These changes only affect the types. The action type strings themselves have not changed, so you do not need to update the list of actions you pass when initializing CurrencyRateController messenger.
• MultichainAssetsController: Restore fail-open behavior for Blockaid spam token filter (#8580)
  • Uses blacklist approach: only rejects tokens explicitly marked as malicious by Blockaid
  • When Blockaid bulk token scan API calls fail or return no results, tokens are allowed through
  • This prevents legitimate tokens from being blocked due to API outages, network issues, or missing token data
  • Malicious tokens that slip through are caught by the periodic rescan (runs daily by default)
• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)

Fixed

• Fix selectAssetsBySelectedAccountGroup crashing when an account referenced in the account tree is missing from internal accounts (#8604)

@metamask/bridge-controller 71.0.0

Added

• BREAKING: Add quickBuy and dappSwap FeatureIds for external swap quote consumers (#8598)
• BREAKING: Add market_closed and quote_expired QuoteWarning (#8598)
• Add tokenSecurityTypeDestination: string | null to BridgeControllerState (default null), set via updateBridgeQuoteRequestParams and reset by resetState (#8595)

Changed

• BREAKING: Add required token_security_type_destination: string \| null to RequestParams, RequiredEventContextFromClient[InputSourceDestinationSwitched], and the context arg of updateBridgeQuoteRequestParams; emitted on every analytics event that includes token_address_destination (#8595)
• BREAKING: getRequestParams now takes a second positional argument tokenSecurityTypeDestination: string \| null (#8595)
• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)
• Bump @metamask/assets-controller from ^6.1.0 to ^6.2.1 (#8590, #8622)
• Bump @metamask/assets-controllers from ^104.3.0 to ^105.0.0 (#8622)

@metamask/bridge-status-controller 71.1.0

Added

• Add optional tokenSecurityTypeDestination?: string \| null to BridgeHistoryItem, StartPollingForBridgeTxStatusArgs[Serialized], and the submitTx / submitIntent arguments; when provided, it's persisted on the history item and emitted as token_security_type_destination on post-submit analytics events (#8595)

Changed

• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)
• Bump @metamask/bridge-controller from ^70.2.0 to ^71.0.0 (#8622)

@metamask/transaction-pay-controller 20.0.1

Changed

• Bump @metamask/assets-controller from ^6.2.0 to ^6.2.1 (#8622)
• Bump @metamask/assets-controllers from ^104.3.0 to ^105.0.0 (#8622)
• Bump @metamask/bridge-controller from ^70.2.0 to ^71.0.0 (#8622)
• Bump @metamask/bridge-status-controller from ^71.0.0 to ^71.1.0 (#8622)

@metamask/chomp-api-service 2.0.0

Changed

• BREAKING: Change AssociateAddressParams.timestamp type from string to number. (#8610)

@metamask/money-account-upgrade-controller 1.2.0

Changed

• Bump @metamask/chomp-api-service from ^1.0.0 to ^2.0.0 (#8618)

Fixed

• Send the CHOMP authentication timestamp as a number instead of a string in the associate-address step. (#8610)

@metamask/transaction-controller 65.0.0

Added

• Expose TransactionController:wipeTransactions method through TransactionController messenger (#8592)

Changed

• estimateGasBatch now skips the EIP-7702 path when the account's keyring does not support it, falling back to per-transaction gas estimation (#8388)
• doesAccountSupportEIP7702 now returns false instead of true when the account is not found in any keyring (#8388)
• BREAKING: Add KeyringControllerGetStateAction to AllowedActions to enable keyring-based EIP-7702 account compatibility checks in addTransactionBatch (#8388)
  • addTransactionBatch now automatically checks whether the account's keyring supports EIP-7702 before attempting the 7702 batch path, falling back to STX/sequential when unsupported
  • Clients must add KeyringController:getState to the TransactionController messenger's allowed actions

Fixed

• Fix batch transaction signing so each transaction is signed sequentially, preventing remaining hardware wallet prompts from appearing after a rejection (#8388)

@metamask/transaction-pay-controller 20.0.0

Changed

• Rename executeEnabled feature flag to gaslessEnabled (#8607)
• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)
• Bump @metamask/assets-controller from ^6.1.0 to ^6.2.0 (#8590)

Fixed

• Fall back from Across to later pay strategies when Across quotes would require a first-time EIP-7702 authorization list (#8577)
• BREAKING: Fix mUSD conversion for hardware wallets on EIP-7702 chains by gating relay and Across 7702 paths on the account keyring type via KeyringController:getState (#8388)
  • The TransactionPayControllerMessenger now requires KeyringController:getState permission.

@metamask/eth-json-rpc-middleware 23.1.3

Fixed

• Allow Advanced Permissions metadata in signTypedData V4 requests (#8603)

@metamask/money-account-upgrade-controller 1.1.0

Added

• Add EIP-7702 authorization step to the upgrade sequence. (#8565)

@metamask/social-controllers 2.2.0

Added

• Add SocialService.fetchPositionById method exposing GET /v1/traders/position/:positionId, returning a single Position by ID (#8602)

@metamask/passkey-controller 1.0.0

Added

• Initial @metamask/passkey-controller (#8422): PasskeyController for WebAuthn passkey vault key protection (HKDF-derived keys, AES-256-GCM wrap/unwrap), PRF or userHandle derivation, challenge-keyed CeremonyManager, enrollment/unlock/renewal flows, verifyPasskeyAuthentication, selectors, and exported ceremony timing constants.
• PasskeyControllerError with stable code, optional cause / context, toJSON, and toString; PasskeyControllerErrorCode, PasskeyControllerErrorMessage, and controllerName. Replaces PasskeyAuthenticationRejectedError—use PasskeyControllerError and code for auth failures.
• BREAKING: Operational error messages are prefixed with PasskeyController - ; prefer code or instanceof PasskeyControllerError over matching raw strings.
• renewVaultKeyProtection uses the same vault_key_decryption_failed code as retrieveVaultKeyWithPasskey when AES-GCM decrypt fails.
• Thrown failures from verifyRegistrationResponse / verifyAuthenticationResponse are wrapped in PasskeyControllerError with registration_verification_failed / authentication_verification_failed and the underlying error as cause (aligned with the verified: false path).
• Debug logging (via @metamask/utils) for registration/authentication verification failures, missing ceremony state, vault decrypt failures, and vault key mismatch during renewal.

Fixed

• Registration verification requires the credential id/rawId to match the credential id in authenticator data; vault wrapping key derivation uses that verified credential id so enrollment keys align with the stored credential.
• Registration options request attestation conveyance 'none' so clients are not asked for direct attestation formats the verifier does not implement (none and self-attested packed only).

@metamask/assets-controller 6.2.0

Added

• Add CustomAssetGraduationMiddleware that removes an EVM asset from customAssets[selectedAccount] when AccountsApiDataSource or BackendWebsocketDataSource reports a balance for it (#8582)
  • Non-EVM custom assets (Solana, BTC, Tron) are not affected.
  • RpcDataSource continues to be the sole balance fetcher for assets still in customAssets.
• Add RpcFallbackMiddleware to the fast pipeline so chains that error in response.errors (network error, unprocessedNetworks, timeout) fall back to RpcDataSource (#8582)
  • Successful RPC results are merged into the response and recovered chains are cleared from response.errors.
• Add a configurable fetchTimeoutMs option (default 15000) to AccountsApiDataSource, PriceDataSource, and TokenDataSource (#8582)
  • On timeout, AccountsAPI marks every requested chain as errored so RpcFallbackMiddleware picks them up; price and token enrichment degrade gracefully.
• Add fetchWithTimeout utility that races an async task against a timeout (#8582)

Changed

• Bump @metamask/transaction-controller from ^64.3.0 to ^64.4.0 (#8585)

Fixed

• Handle trace callback returning undefined without throwing (#8586)

@metamask/transaction-controller 64.4.0

Changed

• Snapshot txParamsOriginal in updateEditableParams when containerTypes are first applied (#8546)
• Add requiresAuthorizationList to TransactionController:estimateGasBatch results when EIP-7702 batch gas estimation requires a first-time account upgrade (#8577)

Fixed

• Gas estimation for EIP-7702 transactions now supports any upgrade-with-data transaction, not only self-targeted ones (#8467)